Monday, 24 November 2008

One Million Infected Users!

This article piqued my interest earlier today, given I’ve spent the last 8 years building host intrusion prevention systems for a living.

http://www.pcworld.com/businesscenter/article/154378/microsoft_yanks_fake_security_software.html

While we have to applaud Microsoft for cleaning up nearly one million systems infected with W32/FakeSecSen, otherwise known as "Advanced Antivirus," "Spyware Preventer," and many other fake names, don’t we also have to ask why such large-scale infections are still occurring?

As my Gran always used to say, "Prevention is better than cure".

Fake security programs have been a major part of the cybercriminal's arsenal as far back as 2004, helping criminals deliver countless Trojans and spyware programs and enabling phishing attacks. Of particular interest to the team at PINoptic is the report that in June 2008, MSRT sniffed out 1.2 million PCs infected with a family of password stealers.

Implementing a one-time password solution removes the threat of password stealers, especially where you have server-side authentication for web applications.

Corporations and consumers alike spend vast sums on complex security applications which constantly fail to deliver the protection required. Programs which generally degrade system performance and take 10 hours to scan systems are not providing the security required, yet they are still top priority for security budgets.

It’s interesting, in the case of password security, how little is implemented other than “implement best practices” policies that rely on users not to choose weak passwords or disclose them to friends and family. Simple one-time password authentication solutions are readily available, but few IT solutions make use of this technology.

At PINoptic we aim to address this through the use of a simple visual approach to authentication, making the solution language independent and without the need for costly token devices to be distributed. It is a simple, low-cost security solution to integrate into any existing application, allowing a much more secure password to be set and used in open spaces without fear of shoulder surfing.

Watch this space!

Sunday, 9 November 2008

Middle Eastern Banking Fraud

Have you wondered why the major banks continue to use ageing and insecure technology such as Chip and PIN and ATM systems to try to protect our hard-earned money? Ageing, I hear you say? But it's only just been introduced! Very true; however, these projects take years to progress through the corporate system and consequently are out of date by the time they are implemented.

In an arms race against the bad guys, it’s vital for the security of the customer that organisations (and not just banks) keep ahead and provide sufficient security.

Why, therefore, do we see more and more fraud from stolen credit cards and witness the ease with which PIN numbers can be obtained?

The recent discovery in the Middle East banking sector is yet another example:

http://www.theregister.co.uk/2008/09/12/uae_atm_hacking_attack/

When simple, more secure solutions exist, such as one-time password authentication, why do we still have insecure implementations of banking security? At PINoptic we hear that there is considerable investment (“skin in the game”) in the current solutions, and we hear that the losses aren’t high enough (almost £600 million last year in the UK alone?), as reasons for the lack of will to improve security.

At PINoptic we view the customer as surely the major driver behind reducing the level of fraud. Anyone who has had payments taken illegally from their bank accounts or credit cards will know the personal inconvenience this creates.

It’s time for more secure solutions to be implemented!